| 3.061 - Unencrypted remote access is permitted to system services. | DISA Windows Vista STIG v6r41 | Windows | ACCESS CONTROL |
| AIOS-14-001000 - Apple iOS/iPadOS must not include applications with the following characteristics: access to Siri when the device is locked. | MobileIron - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL |
| AIOS-14-001000 - Apple iOS/iPadOS must not include applications with the following characteristics: access to Siri when the device is locked. | AirWatch - DISA Apple iOS/iPadOS 14 v1r3 | MDM | ACCESS CONTROL |
| CASA-VN-000210 - The Cisco ASA must be configured to use a Diffie-Hellman (DH) Group of 16 or greater for Internet Key Exchange (IKE) Phase 1 - IKE Phase 1. | DISA STIG Cisco ASA VPN v2r1 | Cisco | ACCESS CONTROL |
| CASA-VN-000550 - The Cisco ASA remote access VPN server must be configured to use TLS 1.2 or higher to protect the confidentiality of remote access connections. | DISA STIG Cisco ASA VPN v2r1 | Cisco | ACCESS CONTROL |
| CASA-VN-000640 - The Cisco VPN remote access server must be configured to use AES256 or greater encryption for the Internet Key Exchange (IKE) Phase 1 to protect confidentiality of remote access sessions - IKE Phase 1 to protect confidentiality of remote access sessions. | DISA STIG Cisco ASA VPN v2r1 | Cisco | ACCESS CONTROL |
| CASA-VN-000650 - The Cisco ASA VPN remote access server must be configured to use AES256 or greater encryption for the IPsec security association to protect the confidentiality of remote access sessions - AES encryption for the IPsec security association to protect the confidentiality of remote access sessions. | DISA STIG Cisco ASA VPN v2r1 | Cisco | ACCESS CONTROL |
| CNTR-K8-000150 - The Kubernetes Controller Manager must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination. | DISA STIG Kubernetes v2r1 | Unix | ACCESS CONTROL |
| CNTR-K8-000160 - The Kubernetes Scheduler must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination. | DISA STIG Kubernetes v2r1 | Unix | ACCESS CONTROL |
| CNTR-K8-000170 - The Kubernetes API Server must use TLS 1.2, at a minimum, to protect the confidentiality of sensitive data during electronic dissemination. | DISA STIG Kubernetes v2r1 | Unix | ACCESS CONTROL |
| CNTR-K8-000180 - The Kubernetes etcd must use TLS to protect the confidentiality of sensitive data during electronic dissemination. | DISA STIG Kubernetes v2r1 | Unix | ACCESS CONTROL |
| CNTR-K8-000190 - The Kubernetes etcd must use TLS to protect the confidentiality of sensitive data during electronic dissemination. | DISA STIG Kubernetes v2r1 | Unix | ACCESS CONTROL |
| ESXI-70-000010 - The ESXi host Secure Shell (SSH) daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions. | DISA STIG VMware vSphere 7.0 ESXi OS v1r2 | Unix | ACCESS CONTROL |
| ESXI-70-000090 - The ESXi host rhttpproxy daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions. | DISA STIG VMware vSphere 7.0 ESXi OS v1r2 | Unix | ACCESS CONTROL |
| ESXI-80-000014 The ESXi host Secure Shell (SSH) daemon must use FIPS 140-2 validated cryptographic modules to protect the confidentiality of remote access sessions. | DISA VMware vSphere 8.0 ESXi STIG OS v2r1 | Unix | ACCESS CONTROL |
| EX19-ED-000006 SchUseStrongCrypto must be enabled. | DISA Microsoft Exchange 2019 Edge Server STIG v2r1 | Windows | ACCESS CONTROL |
| EX19-MB-000006 Exchange must use encryption for RPC client access. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | ACCESS CONTROL |
| EX19-MB-000007 Exchange must use encryption for Outlook Web App (OWA) access. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | ACCESS CONTROL |
| EX19-MB-000008 Exchange must have forms-based authentication enabled. | DISA Microsoft Exchange 2019 Mailbox Server STIG v2r1 | Windows | ACCESS CONTROL |
| GEN003820 - The rsh daemon must not be running. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN003830 - The rlogind service must not be running. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005505 - The SSH daemon must be configured to only use FIPS 140-2 approved ciphers. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| GEN005510 - The SSH client must be configured to only use FIPS 140-2 approved ciphers. | DISA STIG AIX 5.3 v1r2 | Unix | ACCESS CONTROL |
| KNOX-07-017100 - The VPN client must be configured: 1. Disabled 2. Configured for container use only. 3. Configured for per app use. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | ACCESS CONTROL |
| KNOX-07-017100 - The VPN client must be configured: 1. Disabled 2. Configured for container use only. 3. Configured for per app use. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | ACCESS CONTROL |
| KNOX-07-017110 - The VPN client must be configured: 1. Disabled 2. Configured for container use only 3. Configured for per app use. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | ACCESS CONTROL |
| KNOX-07-017110 - The VPN client must be configured: 1. Disabled 2. Configured for container use only 3. Configured for per app use. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | ACCESS CONTROL |
| KNOX-07-017120 - The VPN client must be configured: 1. Disabled 2. Configured for container use only. 3. Configured for per app use. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | ACCESS CONTROL |
| KNOX-07-017120 - The VPN client must be configured: 1. Disabled 2. Configured for container use only. 3. Configured for per app use. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | ACCESS CONTROL |
| KNOX-07-017130 - If a third-party VPN client is installed, it must not be configured with a DoD network (work) VPN profile. | MobileIron - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | ACCESS CONTROL |
| KNOX-07-017130 - If a third-party VPN client is installed, it must not be configured with a DoD network (work) VPN profile. | AirWatch - DISA Samsung Android 7 with Knox 2.x v1r1 | MDM | ACCESS CONTROL |
| OL08-00-040161 - OL 8 must force a frequent session key renegotiation for SSH connections to the server. | DISA Oracle Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| RHEL-08-010020 - RHEL 8 must implement NIST FIPS-validated cryptography for the following: To provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| RHEL-08-040161 - RHEL 8 must force a frequent session key renegotiation for SSH connections to the server. | DISA Red Hat Enterprise Linux 8 STIG v2r1 | Unix | ACCESS CONTROL |
| RHEL-09-671020 - RHEL 9 IP tunnels must use FIPS 140-2/140-3 approved cryptographic algorithms. | DISA Red Hat Enterprise Linux 9 STIG v2r2 | Unix | ACCESS CONTROL |
| SLES-15-010160 - The SUSE operating system must implement DOD-approved encryption to protect the confidentiality of SSH remote connections. | DISA SLES 15 STIG v2r1 | Unix | ACCESS CONTROL |
| SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - client.connection.negotiated_cipher | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - client.connection.negotiated_ssl_version | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - server.connection.negotiated_cipher | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000030 - Symantec ProxySG providing forward proxy intermediary services for TLS must be configured to comply with the required TLS settings in NIST SP 800-52 - server.connection.negotiated_ssl_version | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000040 - Symantec ProxySG providing reverse proxy intermediary services for TLS must be configured to version 1.1 or higher with an approved cipher suite. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| SYMP-AG-000050 - Symantec ProxySG storing secret or private keys must use FIPS-approved key management technology and processes in the production and control of private/secret cryptographic keys. | DISA Symantec ProxySG Benchmark ALG v1r3 | BlueCoat | ACCESS CONTROL |
| UBTU-18-010421 - The Ubuntu operating system SSH server must be configured to use only FIPS-validated key exchange algorithms. | DISA STIG Ubuntu 18.04 LTS v2r15 | Unix | ACCESS CONTROL |
| UBTU-20-010045 - The Ubuntu operating system SSH server must be configured to use only FIPS-validated key exchange algorithms. | DISA STIG Ubuntu 20.04 LTS v2r1 | Unix | ACCESS CONTROL |
| UBTU-22-255060 - Ubuntu 22.04 LTS SSH server must be configured to use only FIPS-validated key exchange algorithms. | DISA STIG Canonical Ubuntu 22.04 LTS v2r2 | Unix | ACCESS CONTROL |
| VCRP-67-000003 - The rhttpproxy must be configured to operate solely with FIPS ciphers. | DISA STIG VMware vSphere 6.7 RhttpProxy v1r3 | Unix | ACCESS CONTROL |
| WBSP-AS-000160 - The WebSphere Application Server Quality of Protection (QoP) must be set to use TLSv1.2 or higher. | DISA IBM WebSphere Traditional 9 Windows STIG v1r1 | Windows | ACCESS CONTROL |
| WBSP-AS-000160 - The WebSphere Application Server Quality of Protection (QoP) must be set to use TLSv1.2 or higher. | DISA IBM WebSphere Traditional 9 STIG v1r1 | Unix | ACCESS CONTROL |
| WBSP-AS-000160 - The WebSphere Application Server Quality of Protection (QoP) must be set to use TLSv1.2 or higher. | DISA IBM WebSphere Traditional 9 STIG v1r1 Middleware | Unix | ACCESS CONTROL |
| WN11-CC-000290 - Remote Desktop Services must be configured with the client connection encryption set to the required level. | DISA Windows 11 STIG v2r2 | Windows | ACCESS CONTROL |
